
SAP Web Application Server

[Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution

1. Impact on Business
=====================

By exploiting this vulnerability, an internal or external attacker would be able to execute arbitrary remote commands over vulnerable SAP Web Application
Servers, taking complete control of the SAP system.

With these privileges, he would be able to obtain, create, modify and/or delete any business-related information stored in the vulnerable SAP system.

- Risk Level: High


[Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation

- Vendor: SAP

- Affected Components:

        * SAP Web Application Server 7.00 Patch Number 95
        (Check note 1556749 for detailed information on affected releases)

- Vulnerability Class: Abuse of designed functionality / Parameter Injection

- Remotely Exploitable: Yes

[Onapsis Security Advisory 2011-004] SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities

4. Affected Components Description
==================================

The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With
the SAP Web Application Server you can implement both server-based and client-based Web applications.


5. Vulnerability Details
========================

[Onapsis Security Advisory 2011-003] SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities

4. Affected Components Description
==================================

The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With
the SAP Web Application Server you can implement both server-based and client-based Web applications.


5. Vulnerability Details
========================

[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-023


Application:                    SAP Web Application Server              
Versions Affected:              Version 7.0 
Vendor URL:                     http://SAP.com
Bugs:                           XSS
Exploits:                       YES
Reported:                       25.01.2008

[Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting

- Vendor: SAP

- Affected Components:

        * SAP Web Application Server 7.00 Patch Number 95
        (Check note 1536640 for detailed information on affected releases)

- Vulnerability Class: Cross-Site Scripting (XSS)

- Remotely Exploitable: Yes

[DSECRG-09-033] SAP Netweaver UDDI - XSS Security Vulnerability

http://www.dsecrg.com/pages/vul/show.php?id=133

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-033


Application:                    SAP NetWeaver Application Server (Java)         
Versions Affected:              Version 7.0 
Vendor URL:                     http://SAP.com
Bugs:                           XSS
Exploits:                       YES
Reported:                       18.03.2009

[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service

- Vendor: SAP

- Affected Components:

        * SAP Web Application Server 7.00 Patch Number 95
        (Check note 1553930 for detailed information on affected releases)

- Vulnerability Class: Abuse of designed functionality

- Remotely Exploitable: Yes

[Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection

which ensures that the business logic is separated from the presentation
logic.

The SAP Enterprise Portal and Web Dynpro for Java are the strategic user
interface technologies of SAP and are based on the SAP Web Application
Server (WebAS) Java.


5. Vulnerability Details
========================


